<!DOCTYPE html>
<meta charset=utf-8>
<title>Basic CORS</title>
<link rel=help href=https://fetch.spec.whatwg.org/>
<meta name=author title="Odin Hørthe Omdal" href="mailto:odiho@opera.com">

<script src=/resources/testharness.js></script>
<script src=/resources/testharnessreport.js></script>
<script src=/common/utils.js></script>
<script src=support.js?pipe=sub></script>
<div id=log></div>

<script>
function cors(desc, scheme, subdomain = "", port = location.port) {
    const sameorigin = !scheme;
    const base =
        sameorigin ? "" : `${scheme}://${subdomain}${location.hostname}:${port}${dirname(location.pathname)}`;

    async_test((t) => {
        const client = new XMLHttpRequest();
        client.open("GET", `${base}resources/cors-makeheader.py?get_value=hest_er_best&origin=none&${token()}`);
        client.send();

        client.onload = t.step_func_done(() => {
            assert_true(sameorigin, "Cross origin request must be rejected.");
            assert_true(client.response.includes("hest_er_best"), "Got response");
        });
        client.onerror = t.step_func_done(() => {
            assert_false(sameorigin, "Same origin request must be accepted.");
        });
    }, `${desc}, origin: none`);

    async_test((t) => {
        const client = new XMLHttpRequest();
        client.open("GET", `${base}resources/cors-makeheader.py?get_value=hest_er_best&${token()}`);
        client.send();

        client.onload = t.step_func_done(() => {
            assert_true(client.response.includes("hest_er_best"), "Got response");
        });
        client.onerror = t.unreached_func("Should be accepted");
    }, `${desc}, origin: echo`);
}

cors("Same domain basic usage");
cors("Cross domain basic usage", "http", "www1");
cors("Same domain different port", "http", undefined, PORT);

cors("Cross domain different port", "http", "www1", PORT);

cors("Cross domain different protocol", "https", "www1", PORTS);

cors("Same domain different protocol different port", "https", undefined, PORTS);

</script>
